Best Juan Guerrero Podcasts (2025)

1
Live at LABScon: Aurora Johnson and Trevor Hilligoss on China's 'internet toilets' 22:13

Play Pause

1h ago22:13

22:13

Three Buddy Problem - Episode 64: SpyCloud Labs researchers Aurora Johnson and Trevor Hilligoss discuss the world of “internet toilets," the toxic online communities in China where harassment, stalking, and sextortion thrive. We explore how these groups operate, from doxing ex-lovers and enemies to running coordinated campaigns of cyberbullying tha…

1
Live at LABScon: Visi Stark shares memories of creating the APT1 report 28:50

1h ago28:50

28:50

Three Buddy Problem - Episode 63: Co-founder of the Vertex Project Visi Stark joins the buddies to reminisce about his work writing Mandiant's famous APT1 report, the China-nexus threat landscape, the value of cyber threat intelligence, APT-naming schemes, and more... (Recorded at LABScon 2025) Cast: Juan Andres Guerrero-Saade, Ryan Naraine and Vis…

1
Live at LABScon: Lindsay Freeman on tracking Wagner Group war crimes 31:52

2h ago31:52

31:52

Three Buddy Problem - Episode 62: Lindsay Freeman, Director of the Technology, Law & Policy program at the Human Rights Center, UC Berkeley School of Law, joins the show to discuss her team's meticulous work to document the Wagner Group's chain of command, military operations in parts of Africa, and the broadcasting of war crimes on social media pl…

1
Can Apple's New Anti-Exploit Tech Stop iPhone Spyware Attacks? 2:45:46

15d ago2:45:46

2:45:46

Three Buddy Problem - Episode 61: We cover a pair of software supply chain breaches (Salesforce Salesloft Drift and NPM/GitHub) that raises big questions about SaaS integrations and the ripple effects across major security vendors. Plus, Apple’s new Memory Integrity Enforcement in iPhone 17 and discussion on commercial spyware infections and the va…

1
Salt Typhoon IOCs, Google floats ‘cyber disruption unit’, WhatsApp 0-click 2:24:48

26d ago2:24:48

2:24:48

Three Buddy Problem - Episode 60: We dissect a fresh multi-agency Salt Typhoon advisory (with IOCs and YARA rules!), why it landed late, why the wall of logos matters (and doesn’t), and what’s actually usable for defenders: new YARA, tool hashes, naming ambiguity across reports, the mention of Chinese vendors, and a Dutch note that smaller ISPs wer…

1
Zero-day reality check: iOS exploits, MAPP in China and the hack-back temptation 2:32:15

1M ago2:32:15

2:32:15

Three Buddy Problem - Episode 59: Apple drops another emergency iOS patch and we unpack what that “may have been exploited” language really means: zero-click chains, why notifications help but forensics don’t, and the uncomfortable truth that Lockdown Mode is increasingly the default for high-risk users. We connect the dots from ImageIO bugs to geo…

1
On AI’s future, security’s failures, and what comes next... 1:57:44

1M ago1:57:44

1:57:44

Three Buddy Problem - Episode 58: The buddies react to the Brandon Dixon episode, digging into what it’s really like to scale products inside a tech giant, navigate politics, and bring features to millions of machines. Plus, an exploration of the AI cybersecurity gold rush, the promise and hype, and the gamble for startups versus the slow-moving ad…

1
Live from Black Hat: Brandon Dixon parses the AI security hype 1:30:14

2M ago1:30:14

1:30:14

Three Buddy Problem - Episode 57: Brandon Dixon (PassiveTotal/RiskIQ, Microsoft) leads a deep-dive into the collision of AI and cybersecurity. We tackle Google’s “Big Sleep” project, XBOW’s HackerOne automation hype, the long-running tension between big tech ownership of critical security tools and the community’s need for open access. Plus, the fu…

1
Rethinking APT Attribution: Dakota Cary on Chinese Contractors and Espionage-as-a-Service 1:51:42

2M ago1:51:42

1:51:42

Three Buddy Problem - Episode 56: China-focused researcher Dakota Cary joins the buddies to dig into China’s sprawling cyber ecosystem, from the HAFNIUM indictments and MSS tasking pipelines to the murky world of APT contractors and the ransomware hustle. We break down China’s “entrepreneurial” model of intelligence collection, why public visibilit…

1
Microsoft Sharepoint security crisis: Faulty patches, Toolshell zero-days 1:55:13

2M ago1:55:13

1:55:13

Three Buddy Problem - Episode 55: A SharePoint zero-day exploit chain from Pwn2Own Berlin becomes a full-blown security crisis with Chinese nation-state actors exploiting vulnerabilities that Microsoft struggled to patch properly, leading to trivial bypasses and a cascade of new CVEs. The timeline is messy, the patches are faulty, and ransomware gr…

1
Train brake hack, GRU sanctions, Wagner war crimes, Microsoft's Chinese ‘digital escorts’ 1:48:45

2M ago1:48:45

1:48:45

Three Buddy Problem - Episode 54: Europol busted pro‑Russian hacktivist crew NoName 057(16), the Brits announce sanctions on Russia’s GRU cyber units, Wagner‑linked “war influencers” streamed atrocities from Africa, and fresh tech worries ranged from a $500 RF flaw that can hijack U.S. train brakes. Plus, ProPublica on Microsoft’s China‑based “digi…

1
How did China get Microsoft's zero-day exploits? 1:49:05

3M ago1:49:05

1:49:05

Three Buddy Problem - Episode 53: We dig into news of the first-ever arrest of a Chinese intelligence-linked hacker in Italy, unpack the mystery behind HAFNIUM and how they somehow got their hands on the same Microsoft Exchange zero-days that researcher Orange Tsai discovered - was it coincidence, inside access, or something more sinister? Plus, Ch…

1
Who’s hacking who? Ivanti 0-days in France, China outs 'Night Eagle' APT 1:34:16

3M ago1:34:16

1:34:16

Three Buddy Problem - Episode 52: Fresh intelligence reports out of Europe and China: France’s ANSSI documents a string of Ivanti VPN zero-days ('Houken'), and Quanxin frames a stealth Microsoft Exchange-zero-day chain linked to a North American 'Night Eagle' threat actor. We dissect the technical bread-crumbs, questions the attribution math, and c…

1
Israel-Iran cyberwar: Predatory Sparrow, vanishing crypto, destructive bank hacks 3:07:13

3M ago3:07:13

3:07:13

Three Buddy Problem - Episode 51: Former Immunity/Trail of Bits researcher Hamid Kashfi joins the buddies for a fast-moving tour of cyber activities in the Israel-Iran war. The crew unpacks who 'Predatory Sparrow' is, why Sepah Bank and the Nobitex crypto exchange were hit, and what a $90 million cryptocurrency burn really means. Plus, radar-blindi…

1
Cyber flashpoints in Israel-Iran war, the 'magnet of threats', Mossad drone swarms 1:51:48

3M ago1:51:48

1:51:48

Three Buddy Problem - Episode 50: This week, we dissect cyber flashpoints in the Iran-Israel war, revisit the “magnet of threats” server in Iran that attracted APTs from multiple nation-states, and react to Israel's Mossad sneaking explosive drone swarms deep into Iran to support airstrikes. Plus, Stealth Falcon’s new WebDAV zero-day, SentinelOne’s…

1
Mikko Hypponen talks drone warfare, APT naming schemes 1:29:04

4M ago1:29:04

1:29:04

Three Buddy Problem - Episode 49: Cybersecurity veteran Mikko Hypponen joins the show to discuss the fast-changing life and times on NATO’s newest frontline, how Ukraine’s long-range “Spiderweb” drone swarms punched holes in Russian air bases, the cyber connections to the escalating drone warfare, and the coming wave of autonomous “killer robots”. …

1
The dark hole of 'friendlies' and Western APTs 2:11:19

4M ago2:11:19

2:11:19

Three Buddy Problem - Episode 48: We unpack a Dutch intelligence agencies report on ‘Laundry Bear’ and Microsoft’s parallel ‘Void Blizzard’ write-up, finding major gaps and bemoaning the absence of IOCs. Plus, discussion on why threat-intel naming is so messy, how initial-access brokers are powering even nation-state break-ins, and whether customer…

1
Russia hacks Ukraine war supply lines, Signal blocks Windows screenshots, BadSuccessor vuln disclosure debate 2:30:37

4M ago2:30:37

2:30:37

Three Buddy Problem - Episode 47: We unpack a multi-agency report on Russia’s APT28/Fancy Bear hacking and spying on Ukraine war supply lines, CISA’s sloppy YARA rules riddled with false positives, the ethics of full-disclosure after Akamai dropped Windows Server “BadSuccessor” exploit details, and Sekoia’s discovery of thousands of hijacked edge d…

1
A Coinbase breach with bribes, rogue contractors and a $20M ransom demand 2:23:34

4M ago2:23:34

2:23:34

Three Buddy Problem - Episode 46: We dig into a Coinbase breach headlined by bribes, rogue contractors and a $20 million ransom demand. Plus, (another!) batch of Ivanti and Microsoft zero-days being exploited in the wild, a new 'Intrusion Logging' feature coming to Android, Apple's iOS 18.5 patches, and the EU announcing its own vulnerability datab…

1
JAGS keynote: The intricacies of wartime cyber threat intelligence 31:07

5M ago31:07

31:07

Three Buddy Problem - Episode 45: (The buddies are trapped in timezone hell with cross-continent travel this week). In the meantime, absorb this keynote presented by Juan Andres Guerrero-Saade (JAG-S) at CounterThreats 2023. It's a frank discussion on the role of cyber threat intelligence (CTI) during wartime and its importance in bridging informat…

1
Signalgate redux, OpenAI's Aardvark, normalizing cyber offense 2:38:40

5M ago2:38:40

2:38:40

Three Buddy Problem - Episode 44: We unpack news that US government officials are using an obscure app to archive Signal messages, OpenAI’s new “Aardvark” code-evaluation and reasoning model and leapfrog implications, NSC cyber lead Alexei Bulazel on normalizing US offensive operations, and JP Morgan Chase CISO’s warning to software vendors. Plus, …

1
Thomas Rid joins the show: AI consciousness, TP-Link's China connection, trust in hardware security 1:33:42

5M ago1:33:42

1:33:42

Three Buddy Problem - Episode 43: Director of the Alperovitch Institute for Cybersecurity Studies Thomas Rid joins the show for a deep-dive into the philosophical and ethical considerations surrounding AI consciousness and anthropomorphism. We dig into the multifaceted implications of AI technology, particularly focusing on data privacy, national s…

1
China doxxes NSA, CVE's funding crisis, Apple's zero-day troubles 1:39:19

5M ago1:39:19

1:39:19

Three Buddy Problem - Episode 42: We dig into news that China secretly fessed up to the Volt Typhoon hacks and followed up with claims that named NSA agents launched advanced cyberattacks against the Asian Winter Games. Plus, the MITRE CVE funding crisis, new Apple 0days in the wild includes PAC bypass exploit, Microsoft Patch Tuesday zero-days. Pl…

1
NSA director fired, Ivanti's 0day screw-up, backdoor in robot dogs 1:36:57

6M ago1:36:57

1:36:57

Three Buddy Problem - Episode 41: Costin and Juanito join the show from Black Hat Asia in Singapore. We discuss Bunnie Huang's keynote on hardware supply chains and a classification system to establish a grounded perspective on trust in hardware, Ivanti's misdiagnosis of a critical VPN applicance flaw and Mandiant reporting on a Chinese APT exploit…

1
Signalgate and ID management hiccups, PuzzleMaker and Chrome 0days, Lab Dookhtegan returns 1:52:34

6M ago1:52:34

1:52:34

Three Buddy Problem - Episode 40: On the show this week, we look at the technical deficiencies and opsec concerns around the use of Signal for ultra-sensitive communications. Plus, some speculation on who's behind Kaspersky’s ‘Operation Forum Troll’ report, Chinese discussion on NSA/CIA mobile networks exploitation, and the return of ‘Lab Dookhtega…

1
China exposing Taiwan hacks, Paragon spyware and WhatsApp exploits, CISA budget cuts 1:56:22

6M ago1:56:22

1:56:22

Three Buddy Problem - Episode 39: Luta Security CEO Katie Moussouris joins the buddies to parse news around a coordinated Chinese exposure of Taiwan APT actors, CitizenLab's report on Paragon spyware and WhatsApp exploits, an “official” Russian government exploit-buying operation shopping for Telegram exploits, the fragmentation of exploit markets …

1
A half-dozen Microsoft zero-days, Juniper router backdoors, advanced bootkit hunting 2:05:43

6M ago2:05:43

2:05:43

Three Buddy Problem - Episode 38: On the show this week, we look at a hefty batch of Microsoft zero-days exploited in the wild, iOS 18.3.2 fixing an exploited WebKit bug, a mysterious Unpatched.ai being credited with Microsoft Access RCE flaws, and OpenAI lobbying for the US to ban China's DeepSeek. Plus, discussion on a Binarly technical paper wit…

1
Revisiting the Lamberts, i-Soon indictments, VMware zero-days 1:39:32

7M ago1:39:32

1:39:32

Three Buddy Problem - Episode 37: This week, we revisit the public reporting on a US/Russia cyber stand down order, CISA declaring no change to its position on tracking Russian threats, and the high-level diplomatic optics at play. Plus, a dissection of ‘The Lamberts’ APT and connections to US intelligence agencies, attribution around ‘Operation Tr…

1
Lazarus ByBit $1.4B heist was supply chain attack on developer 1:53:22

7M ago1:53:22

1:53:22

Three Buddy Problem - Episode 36: Ryan and Juanito join the show from the RE//verse conference with discussion on Natalie Silvanovic’s keynote on hunting for bugs in mobile messengers, the thrill of looking at exposed attack surfaces and the grueling “losses” bug hunters endure before a breakthrough. We also cover the latest on the $1.4 billion ByB…

1
North Korea's biggest ever crypto heist: $1.4B stolen from Bybit 2:07:07

7M ago2:07:07

2:07:07

Three Buddy Problem - Episode 35: Juanito is live from DistrictCon with notes on discussion of an elusive iOS zero-day by a company called QuaDream and Apple’s controversial removal of iCloud backup end-to-end encryption in the UK. We also cover a staggering $1.4 billion hack by the Lazarus Group against Bybit, new angles in NSA-linked cyber-espion…

1
An 'extremely sophisticated' iPhone hack; Google flags major AMD microcode bug 1:25:12

7M ago1:25:12

1:25:12

Three Buddy Problem - Episode 34: We dig into the latest exploited Apple iPhone zero-day (USB Restricted Mode bypass), an AMD microcode flaw so serious it’s not being fully disclosed, a barrage of Patch Tuesday updates, the helpless nature of trying to defend corporate networks, Russian threat actor movements, and fresh intel from Rapid7, Volexity,…

1
Unpacking the UK government's secret iCloud backdoor demand 2:22:42

8M ago2:22:42

2:22:42

Three Buddy Problem - Episode 33: In this episode, we unpack the UK government's secret push for backdoor access to encrypted iCloud data, Apple’s approach to iCloud encryption, and the broader implications for privacy and security on a global scale. Plus, how security agencies handle zero-day vulnerabilities, surveillance spyware and mercenary hac…

1
Inside the DeepSeek AI existential crisis, Chinese 'backdoor' in medical devices 2:19:44

8M ago2:19:44

2:19:44

Three Buddy Problem - Episode 32: In this episode, we rummage through the DeepSeek hype and break down what makes it different from OpenAI’s models, why it’s stirring up existential controversies, and what it means for the broader tech landscape. We get into the privacy concerns, the geo-political implications, how AI models handle data, the ongoin…

1
Death of the CSRB, zero-days storms at the edge, Juniper router backdoors 1:48:59

8M ago1:48:59

1:48:59

Three Buddy Problem - Episode 31: Dennis Fisher steps in for Ryan Naraine to moderate discussion on a very busy week in cybersecurity. The cast dig into the wave of big research reports, the disbanding of the Cyber Safety Review Board (CSRB), the ongoing flood of exploits targeting security appliances from Ivanti and SonicWall, and the recent Lumen…

1
Inside the PlugX malware removal operation, CISA takes victory lap and another Fortinet 0day 1:59:52

8M ago1:59:52

1:59:52

Three Buddy Problem - Episode 30: We discuss French threat-intel Sekoia creating a portal to handle “sovereign disinfections” of the PlugX malware, CISA leadership taking a victory lap using the ‘Secure by Design’ pledge as a trophy, the new Biden cybersecurity Executive Order, another Fortinet zero-day, the TikTok ban and Ukrainian hackers targeti…

1
Hijacking .gov backdoors, Ivanti 0days and a Samsung 0-click vuln 1:48:21

9M ago1:48:21

1:48:21

Three Buddy Problem - Episode 29: Another day, another Ivanti zero-day being exploited in the wild. Plus, China's strange response to Volt Typhoon attribution, Japan blames China for hacks, a Samsung 0-click vulnerability found by Project Zero, Kim Zetter's reporting on drone sightings and a nuclear scare. Plus, hijacking abandoned .gov backdoors a…

1
US Treasury hacked via BeyondTrust, MISP and the threat actor naming mess 1:49:16

9M ago1:49:16

1:49:16

Three Buddy Problem - Episode 28: In this episode, we explore the ongoing challenges of threat actor naming in cybersecurity and the confusion caused by a lack of standardization, methodological inconsistencies and skewed, marketing-driven incentives. Plus, the US Treasury/BeyondTrust hack, the surge in 0day discoveries, a new variant of the Xdr33 …

1
Palo Alto network edge device backdoor, Cyberhaven browser extension hack, 2024 research highlights 1:53:11

9M ago1:53:11

1:53:11

Three Buddy Problem - Episode 27: We discuss the discovery of a Palo Alto network firewall attack and a stealthy network ed ge device backdoor (LITTLELAMB.WOOLTEA), the Cyberhaven hack and the shady world of browser extensions, and a look back at the top research projects that caught our attention in 2025. Cast: Juan Andres Guerrero-Saade, Costin R…

1
US government's VPN advice, dropping bombs on ransomware gangs 1:58:40

9M ago1:58:40

1:58:40

Three Buddy Problem - Episode 26: We dive deep into the shadowy world of surveillance and cyber operations, unpacking Amnesty International's explosive report on NoviSpy, a previously unknown Android implant used against Serbian activists, and the links to Israeli forensics software vendor Cellebrite. Plus, thoughts on the US government’s controver…

1
Surveillance economics, Turla and Careto, and the AI screenshots nobody asked for 2:14:07

9M ago2:14:07

2:14:07

Three Buddy Problem - Episode 25: An update on Romania’s cancelled election, the implications of TikTok on democratic processes, and the broader issues around surveillance capitalism and micro-targeting. Plus, news on Turla piggybacking on cybercriminal malware to hit Ukraine, the return of Careto and the absence of IOCs, Claroty report on an Iran-…

1
Inside the Turla Playbook: Hijacking APTs and fourth-party espionage 1:47:08

10M ago1:47:08

1:47:08

Three Buddy Problem - Episode 24: In this episode, we did into Lumen/Microsoft’s revelations on Russia's Turla APT stealing from a Pakistani APT, and issues around fourth-party espionage and problems with threat actor attribution. We also discuss Citizen Lab’s findings on Monokle-like spyware implanted by Russian authorities, the slow pace of Salt …

1
Volexity’s Steven Adair on Russian Wi-Fi hacks, memory forensics, appliance 0days and network inspectability 1:18:33

10M ago1:18:33

1:18:33

Three Buddy Problem - Episode 23: Volexity founder Steven Adair joins the show to explore the significance of memory analysis and the technical challenges associated with memory dumping and forensics. We dig into Volexity’s “nearest neighbor” Wi-Fi hack discovery, gaps in EDR detection and telemetry, and some real-talk on the Volt Typhoon intrusion…

1
Sid Trivedi on the RSA Innovation Sandbox $5 million investment gambit 1:01:12

10M ago1:01:12

1:01:12

Episode sponsors: Binarly (https://binarly.io) Binary Risk Hunt (https://risk.binarly.io) In this reboot of the Security Conversations interview series, Foundation Capital partner Sid Trivedi weighs in on major changes to the RSA Innovation Sandbox, the mandatory $5M uncapped SAFE investment for all 10 finalists, and red-flag concerns around discou…

1
Russian APT weaponized nearby Wi-Fi networks in DC, new macOS zero-days, DOJ v Chrome 1:28:22

10M ago1:28:22

1:28:22

Three Buddy Problem - Episode 22: We discuss Volexity’s presentation on Russian APT operators hacking Wi-Fi networks in “nearest neighbor attacks,” the Chinese surveillance state and its impact on global security, the NSA's strange call for better data sharing on Salt Typhoon intrusions, and the failures of regulatory bodies to address cybersecurit…

1
What happens to CISA now? Is deterrence in cyber possible? 1:53:51

10M ago1:53:51

1:53:51

Three Buddy Problem - Episode 21: We dig into an incredible government report on Iranian hacking group Emennet Pasargad and tradecraft during the Israel/Hamas war, why Predatory Sparrow could have been aimed at deterrence in cyber, and the FBI/CISA public confirmation of the mysterious Salt Typhoon hacks. Plus, discussion on hina’s cyber capabiliti…

1
Mysterious rebooting iPhones, EDR vendors spying on hackers, Bitcoin 'meatspace' attacks 1:37:00

11M ago1:37:00

1:37:00

Three Buddy Problem - Episode 20: We revisit the ‘hack-back’ debate, the threshold for spying on adversaries, Palo Alto watching EDR bypass research to track threat actors, hot nuggets in Project Zero’s Clem Lecinge’s Hexacon talk, Apple’s new iOS update rebooting iPhones in law enforcement custody, the mysterious GoblinRAT backdoor, and physical ‘…

1
The Sophos kernel implant, 'hack-back' implications, CIA malware in Venezuela 1:54:14

11M ago1:54:14

1:54:14

Three Buddy Problem - Episode 19: We explore Ivan Kwiatkowski’s essay on the limits of threat intelligence, Sophos using kernel implants to surveil Chinese hackers, the concept of ‘hack-back’ and legal implications, geopolitical layers of cyber espionage, CIA malware in Venezuela, Vatican/Mossad mentioned in high-profile Italy hacks, and Canada bra…

1
Fortinet 0days, Appin hack-for-hire exposé, crypto heists, Russians booted from Linux kernel 1:26:44

11M ago1:26:44

1:26:44

Three Buddy Problem - Episode 18: This week’s show covers the White House's new Traffic Light Protocol (TLP) guidance, Reuters expose of Appin as a hack-for-hire mercenary company, Fortinet zero-day exploitation and missing CSRB investigations, major cryptocurrency heists, Apple opening Private Cloud Compute to public inspection, Russians removed f…

1
ESET Israel wiper malware, China's Volt Typhoon response, Kaspersky sanctions and isolation 1:38:18

11M ago1:38:18

1:38:18

Three Buddy Problem - Episode 17: News of a wiper malware attack in Israel implicating ESET, threats from wartime hacktivists, China's strange response to Volt Typhoon attribution and Section 702 messaging, an IE zero-day discovery and web browser rot in South Korea, the ongoing isolation of Kaspersky due to sanctions, and the geopolitical influenc…

1
Typhoons and Blizzards: Cyberespionage and national security on front burner 1:09:09

12M ago1:09:09

1:09:09

Three Buddy Problem - Episode 16: We break down the new GCHQ advisory on the history and tactics of Russia’s APT29, the challenges of tracking and defending against these sophisticated espionage programs, the mysterious Salt Typhoon intrusions, the absence of technical indicators (IOCs), the risks of supply chain attacks. We also touch on the surge…